6 mistakes to avoid in the LGPD compliance process

Evite estes 6 erros na adequação à LGPD

The LGPD compliance process is not the same for all companies, as it depends on their needs and business type.

However, there are some common mistakes when implementing the new law that can easily be avoided.

We’ll list below 6 common errors in the LGPD compliance process:

  1. Underestimating LGPD

Companies should consider LGPD (as well as the GDPR) as a step towards a more comprehensive personal data management. Consequently, the compliance process should be handled with the same level of seriousness as any other strategic business decision.

  1. Comparing it to the GDPR

The LGPD and GDPR are similar but different laws. So, companies that have already gone through the GDPR compliance process cannot ignore LGPD requirements, solely because of its similarity to the EU law.

  1. Not changing the organizational culture

It’s critical to focus on technical aspects to comply with the LGPD without forgetting to change the organizational culture: the set of values, beliefs, rituals, and norms adopted by a given organization.

This way, companies should educate their employees through a correct approach that emphasizes:

  • the law – obligations, and fines
  • the negative impact that personal data exposure can have.
  1. Non-global compliance

Some companies choose to implement LGPD only in “core” departments.

Actually, companies should analyze which departments have a higher risk of data leakage to prioritize them. Yet, implementing LGPD only in these departments and assuming that the compliance process is completed is to put the company at risk of a possible sanction. Therefore, LGPD should be implemented in the organization as a whole and not only in a few departments.

  1. Not investing in Identity Management

The biggest risk related to data leakage is within the organization, even more than external attacks. To avoid such a situation, companies should define who has access to what and the level of access. The implementation of identity management allows a significant reduction in undue access.

  1. Assuming that the compliance process has a finish line

The truth is that each company will need more or fewer efforts to comply with the LGPD. The compliance work is continuous and needs to be regularly updated.

The law defines two factors for compliance:

  • a well-executed LGPD implementation program
  • regular maintenance


Lastly, now that you know the mistakes you should avoid in the LGPD compliance process, it’s easier to understand what your business can do to make the process easier and how GetComplied can help you.

We’ve developed GetComplied to help companies comply with data protection laws, and it’s super easy! You can edit your policies, cookies, and user rights on one platform.

Was this post helpful?